
Fix security issue CVE-2016-6232

Based on https://quickgit.kde.org/?p=karchive.git&a=commitdiff&h=0cb243f6

Signed-off-by: Slávek Banko <slavek.banko@axis.cz>
pull/1/head
Slávek Banko 2 years ago
parent
commit
261a3b7a12
1 changed files with 12 additions and 2 deletions
  1. 12
    2
      tdeio/tdeio/karchive.cpp

+ 12
- 2
tdeio/tdeio/karchive.cpp

@@ -601,6 +601,7 @@ void KArchiveDirectory::addEntry( KArchiveEntry* entry )
void KArchiveDirectory::copyTo(const TQString& dest, bool recursiveCopy ) const
{
TQDir root;
const TQString destDir(TQDir(dest).absPath()); // get directory path without any "." or ".."

PosSortedPtrList fileList;
TQMap<int, TQString> fileToDir;
@@ -620,10 +621,19 @@ void KArchiveDirectory::copyTo(const TQString& dest, bool recursiveCopy ) const
TQValueStack<TQString> dirNameStack;

dirStack.push( this ); // init stack at current directory
dirNameStack.push( dest ); // ... with given path
dirNameStack.push( destDir ); // ... with given path
do {
curDir = dirStack.pop();
curDirName = dirNameStack.pop();

// extract only to specified folder if it is located within archive's extraction folder
// otherwise put file under root position in extraction folder
TQString curDirName = dirNameStack.pop();
if (!TQDir(curDirName).absPath().startsWith(destDir)) {
kdWarning() << "Attempted export into folder" << curDirName
<< "which is outside of the extraction root folder" << destDir << "."
<< "Changing export of contained files to extraction root folder.";
curDirName = destDir;
}
root.mkdir(curDirName);

dirEntries = curDir->entries();
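Review bot: The containment test `!TQDir(curDirName).absPath().startsWith(destDir)` in the second hunk is a plain string-prefix match, so a sibling directory whose name merely begins with the destination's name (destination `/tmp/out`, entry resolving to `/tmp/out-other`; constructed example) is still accepted as lying inside the extraction root. Comparing on a path-component boundary closes that gap: `const TQString absDir = TQDir(curDirName).absPath();` followed by `if (absDir != destDir && !absDir.startsWith(destDir + "/")) {`, with a destination of `/` handled as its own case. The check is also purely lexical, so it presumably does not account for symbolic links that already exist below the destination; a short comment above the `if` stating that limit would help the next reader. The body of copyTo's do-loop continues past the end of the hunk, so how the per-file names are joined onto `curDirName` is not visible here.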
